Pages

Showing posts with label Internet security. Show all posts
Showing posts with label Internet security. Show all posts

Friday, September 13, 2013

Prevent ATM thieves and cyber crimes on the rise

Banks to arm machines with ink bombs to stain stolen notes


PETALING JAYA: Thieves who rob automated teller machines will be left with worthless pieces of paper if a Bank Negara proposal is put into place. Dye bombs are to be placed in the ATMs and if anyone tampers with the machines, the “bomb” goes off, leaving the notes stained in red and easily recognisable as stolen money.

Bank Negara, in its guidelines on Dye-Stained Banknotes dated Aug 26, is calling on both banks and Cash in Transit Companies to consider using the currency protection device (CPD) to deter ATM theft.

Local security company Extro Code Sdn Bhd demonstrated yesterday a CPD or dye pack which is already available in the market.

Its technical director Mohd Zaki Sulaiman said that once installed, the dye pack would be triggered when someone tries to break into the ATM.

“The device is like a smoke bomb which releases the ink onto the stacks of banknotes in the ATM,” he said.

Mohd Zaki said there’s no actual explosion but there is some heat when the CPD is triggered.“The actual triggering mechanism is a trade secret,” he added.

He said the ink called Disperse Red 9 was not harmful. He said the ink was imported but the actual CPD was developed and produced locally.

Mohd Zaki declined to reveal the cost of each dye pack and the installation cost. “Who pays for the device will depend on Bank Negara and the banks,” he said.

He said there are four ATM providers in the country but installing the dye-packs in the different machines should not be a problem.

The Bank Negara guidelines state that the CPD would emit a bright coloured dye by smoke, liquid or any other agent to stain the currency in the event ATMs are broken into.

This will enable authorities and the public to easily identify the defaced stolen currency and render them unfit for use.

The guidelines also sets out conditions under which these banknotes will be replaced. Among them:
  • > The ink has to be indelible by water, fuel, gas, bleach and detergent.
  • > It must be traceable to the ATM, to assist police investigations.
  • > It must stain at least 10% of each bank note.
  • > It can be detected and rejected by banknotes authentication machines used by banks such as Cash 

Deposit Machines. >It must be non-hazardous and non-toxic.

If banks retrieved the dye-stained currency, they can submit the banknotes to the central bank for assessment.
Tellers will also be trained to detect these banknotes.

The public and retailers will be advised not to accept dye-stained banknotes as they are likely to be stolen.

These measure, Bank Negara believes, will reduce ATM robberies.

In the United States, banks have dye bombs in vaults and any unauthorised person who tries to remove any money will trigger the bomb, leaving all the money – and the robber – stained in ink.


Related stories:
9000 machines nationwide to have CPD
Cops welcome currency protection device proposal

Cyber crimes on the rise - millions of ringgit being lost annually to scams
Public awareness: (From left) Ambank deputy managing director Datuk Mohamed Azmi Mahmood, Khalid and AmIslamic Bank Berhad CEO Datuk Mahdi Morad at the launch of the Scam Alert campaign in Bukit Aman. 
Public awareness: (From left) Ambank deputy managing director Datuk Mohamed Azmi Mahmood, Khalid and AmIslamic Bank Berhad CEO Datuk Mahdi Morad at the launch of the Scam Alert campaign in Bukit Aman 

KUALA LUMPUR: Fraud and cyber crimes in the country have risen unchecked due to the lack of public awareness, while victims are hesitant to report the crime, the police said.

Millions of ringgit have been lost annually to crimes like sms scams and parcel scams, which have mostly gone unnoticed in the public eye.

In a bid to stop such crimes, the police has launched an awareness initiative on the various types of scams in the country.

Inspector-General of Police Tan Sri Khalid Abu Bakar said the initiative, under the National Blue Ocean Strategy, comprised cooperation with the Association of Banks in Malaysia (ABM) and the Association of Islamic Banking Institutions Malaysia (AIBIM).

The public would be informed and educated on the different types of fraud and cyber crime scams being used by today’s criminals.

“We are posting a list of the various methods and modus operandi used in these scams at our official police website at www.rmp.gov.my.

“This will be linked to the websites of all banks in the country so that anyone can easily access the information which will be regularly updated,” he said after launching the initiative at Bukit Aman yesterday.

Khalid said RM98.6mil in losses was recorded last year in cases involving cyber crimes, including Internet banking fraud as well as sms and parcel scams.

“So far this year, such losses have reached RM80.7mil, which shows that such cases and losses are increasing,” he said.

He added that losses to sms scams had jumped from RM5.8mil last year to RM39.2mil so far this year.

- The Star/Asia News Network

Sunday, June 9, 2013

Malware, ransomware attacks are a growing threat to computer and mobile phone!

FORGET pickpockets or thieves. The biggest threat to your smartphone now is kidnappers cyber “kidnappers” that is, with their Ransomware.

As the name suggests, ransomware is a malware (malicious software) that will keep your phone or computer a prisoner until you pay a ransom. Only when the specified amount of money is paid will you be able to “free” your device and access data or information.

Although it is not new ransomware is said to originate from Russia in 2005 and has been attacking many computers worldwide since the Symantec Corp Internet Security Threat Report (ISTR) Volume 18 revealed that ransomware is emerging as the malware of choice because of its high profitability for attackers.

Luckily, says Symantec Malaysia's senior technical consultant David Rajoo, to his knowledge, no cases have been reported here yet.

“However, as the worldwide web has no boundaries and with increasing broadband penetration and as more users are accessing the Internet, Malaysia is certainly exposed to the Ransomware threats,” he says.

Infected machines display messages which demand payment in order to restore functionality. - David Rajoo Infected machines display messages which demand payment in order to restore functionality. - David Rajoo
Rajoo points out that awareness is key to combat ransomware threat.

As the report highlights, attackers are using deceptive links and poisoned websites to infect unsuspecting users with malicious software and lock their machines.

“The attackers, many of them cybercriminal organisations, then hold users' machines for ransom. Infected machines display messages which demand payment in order to restore functionality,” he tells.

Recent attacks have also displayed images that impersonate law enforcement.

Consumers on the Android platform are most vulnerable to ransomware and mobile threats, says the report.

Last year, mobile malware increased by 58%, and 32% of all mobile threats attempted to steal information, such as e-mail addresses and phone numbers.

Although Android has fewer vulnerabilities, its threats are higher than any other mobile operating system. Its open platform and the multiple distribution methods available to distribute malicious apps make it the go-to platform for attackers, adds the report.

With malware growing sophisticated every day, Rajoo adds, a mix of intelligence-based technologies can provide optimal security to stop new and unknown malware.

To avoid getting infected, ensure the device's software and anti-virus definitions are up to date, and avoid suspicious sites, Rajoo advises.

“We also advise users to use more than antivirus for protection. We recommend using advanced reputation security which provides layered defence. Use more than just Antivirus use a full functionality solution which includes heuristics, reputation-based, behaviour-based and other technologies,” he says, stressing that a key strategy is to fend off threats before they infiltrate your computer system.

Symantec Malaysia's Systems Engineering director Nigel Tan agrees that stopping the threat at the gate is important as cyber criminals continue to devise new ways to steal information from organisations of all sizes.

Staying ahead of attacks

“The sophistication of attacks coupled with today's information technology complexities require organisations in Malaysia and globally to remain proactive and use “defence in depth” security measures to stay ahead of attacks,” he added.

According to the annual ISTR which analyses the year in global threat activity, Malaysia was ranked 35th on its global Internet security threat profile in 2012.

As it highlights, there was a 42% surge last year in targeted attacks globally compared with the prior year.

These targeted cyberespionage attacks, designed to steal intellectual property, are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31% of these attacks.

Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via “watering hole” techniques.

In a watering hole attack scenario, attackers compromise a carefully selected website by inserting an exploit resulting in malware infection. Through the compromised website, the attackers will target victims who visit the compromised site and take advantage of their software vulnerabilities to drop malware that will allow them to access sensitive data and take control of the vulnerable system.

As Symantec alerts, 61% of malicious websites are actually legitimate websites that have been compromised and infected with malicious code.

Business, technology and shopping websites were among the top five types of websites hosting infections. The shift of focus from government websites indicates an increase in attacks targeting the supply chain cybercriminals find these contractors and subcontractors susceptible to attacks and they are often in possession of valuable intellectual property.

The attack uses the security weaknesses in the supply chain specifically the small businesses to gain access into larger and more secured companies, adds Symantec.

Case in point is that those in sales became the most commonly targeted victims last year.

Another growing source of infections on websites is malvertisements this is when criminals buy advertising space on legitimate websites and use it to hide their attack code.

Tan urges organisations to continue to take proactive initiatives to secure and manage critical information from a variety of security risks, especially targeted attacks in the manufacturing and small business sectors, mobile malware, and phishing threats.

By HARIATI AZIZAN sunday@thestar.com

Friday, March 30, 2012

Spy on citizens?

To spy or not to spy on citizens? That’s the question

KUALA LUMPUR: Should governments use “trojan horse” programs or other computer hacking tools to spy on its citizens?

Mikko Hypponen, chief research officer for network security solutions company F-Secure Corp, believes the end does not justify the means. But he admits that there is no clear answer.

 “It's a problematic subject. As long as technology is used to catch drug smugglers or terrorists, that's great.

“But when a government places a trojan on the computer of an innocent person, it is a horrible wrongdoing,” he said recently.

He was in Kuala Lumpur for a meeting at F-Secure's network security monitoring centre in Bangsar South, which covers the Asian region.

The problem has been compounded in recent times because terrorists and so-called “hacktivists” have no qualms about launching cyber attacks against governments and others.

So why shouldn't governments resort “to fighting fire with fire”?

Hypponen said it was a question for each government to mull over because there was no one-size-fits-all solution.

He cited Germany as an example where a government-backed trojan program was set loose on public networks.
Controversy arose in Germany in October last year after a hacker group highlighted what it claimed was a government trojan program to spy on people, Hypponen said.

The program, apparently deployed to help law enforcement agencies, could record Skype calls, monitor online messages, log keystrokes on a computer and even take pictures of the screen.

Hypponen said he was glad to note that such trojan programs had not been deployed in Malaysia.

Last year, Hypponen tweeted about the Anonymous hacker group's threat to attack government websites in Malaysia, which later happened.

> Watch out for the full interview in StarBytz, the information technology pullout of The Star.

By GABEY GOH The Star/Asia News Network

 Related articles
The digital detective: Mikko Hypponen's war on malware is escalating (wired.co.uk)
The Digital Detective: Mikko Hypponen's Escalating War On Malware (howwecreatevalue.com)